Total: 254822 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2409 | 1 Nbsmtp | 1 Nbsmtp | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call. | |||||
CVE-2005-0756 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on the amd64 platform, which allows local users to cause a denial of service (kernel crash). | |||||
CVE-2005-2698 | 1 Nelogic Technologies | 1 Nephp Publisher Enterprise | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter. | |||||
CVE-2004-1175 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-02-04 | 7.5 HIGH | N/A |
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. | |||||
CVE-2006-2866 | 1 Dotclear | 1 Dotclear | 2024-02-04 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5. | |||||
CVE-2006-1347 | 1 Greg Neustaetter | 1 Gcards | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2006-2565 | 1 Alstrasoft | 1 Article Manager Pro | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid. | |||||
CVE-2005-2067 | 1 Asp-nuke | 1 Asp-nuke | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||||
CVE-2005-2222 | 1 Mailenable | 1 Mailenable Professional | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors. | |||||
CVE-2006-3308 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2024-02-04 | 9.3 HIGH | N/A |
Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS). | |||||
CVE-2005-1391 | 1 Apsis | 1 Pound | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header. | |||||
CVE-2006-4558 | 1 Deluxebb | 1 Deluxebb | 2024-02-04 | 7.5 HIGH | N/A |
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php. | |||||
CVE-2004-0988 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.0 MEDIUM | N/A |
Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation. | |||||
CVE-2005-0116 | 1 Awstats | 1 Awstats | 2024-02-04 | 7.5 HIGH | N/A |
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl. | |||||
CVE-2005-1634 | 1 Jgs-xa | 1 Jgs-portal | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.php, (3) year parameter to jgs_portal_beitraggraf.php, (4) tag parameter to jgs_portal_viewsgraf.php, (5) year parameter to jgs_portal_themengraf.php, (6) year parameter to jgs_portal_mitgraf.php, (7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Language header to jgs_portal_log.php. NOTE: this issue may stem from the same core problem as CVE-2005-1633. | |||||
CVE-2005-3396 | 1 Ibm | 1 Aix | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument. | |||||
CVE-2004-2352 | 1 Martin Bauer | 1 Gbook | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke. | |||||
CVE-2004-2565 | 1 Sambar | 1 Sambar Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp. | |||||
CVE-2005-3575 | 1 Cynox | 1 Cyphor | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-0192 | 1 Philip Loftin | 1 Aspsurvey | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp. |